Java 1.4.2_02 keystore password?

Similar Messages

• SSL and keystore password

  I am creating a server and using JSSE. All the examples I see pass the Keystore and Keystore password as a java enviromnent variable when starting the server. Does this seem a little unsecure to pass the password on the command line? Is there any other way to pass the keystore password?

  I am creating a server and using JSSE. All the
  examples I see pass the Keystore and Keystore password
  as a java enviromnent variable when starting the
  server. Does this seem a little unsecure to pass the
  password on the command line? Is there any other way
  to pass the keystore password?Think hard on this one - what "more secure way" are you going to use? Sooner or later, somebody who knows has to give the code a password to use.
  Most of the systems I've seen haven't even required it on the command line - it's been written down in a script or .properties file, so the app can start/restart without human intervention. The files containing the passwords are protected by whatever the host OS uses to keep files private (e.g., owned by root, owner-read-only perms on Unix).
  No matter how much encryption you put in place, at the bottom of the chain there's a plain-text password entered SOMEwhere...
  Grant

• Where to put keystore password

  I am sure this topic has been discussed.. but the forum search seems to be cactus at the moment so:
  I have a keystore (java.security.KeyStore) into which I am putting encryption keys (as you would expect). I need to encrypt data because although it's on a server behind a firewall, it's pretty important info. I am securing the keystore with a password, but I now have a problem of what to do with the password. I can't store it in a database because I am using one of the keys from the keystore to encrypt the configuration file used to access the database (again, for security).
  I realise that there will always be one weak point in the system, but I was wondering what the best-practice approach for storing keystore passwords was.
  A couple of considerations:
  1. I am in a web (tomcat) environment
  2. I don't have (and don't want to have) an EJB layer
  3. I can't leave it up to the user to enter, because I (the system) needs to encrypt/decrypt data without the user's intervention
  4. I can't store it in the database as already mentioned
  5. I can hard code the password(s) in compiled java code, but this can be decompiled and it means I can change them (easily)
  Any ideas?

  There are three key questions you have to answer before you can do "the right thing" for your environment in this context. The first is, "How much do you trust the physical security of your hardware?" The second is "How hard do you need to make life for would-be Bad Guys?" And the third is "How hard are you willing to make life for your sysadmins?"
  Take #3, for example. If you're willing to make your admins miserable, or pay for 24x7 on-site coverage - don't write your ultimate key down anywhere, ever. When your system goes down, an admin has to restart it by re-entering the password/key info for unlocking all of your secrets. This approach chooses security over convenience in a very large way.
  #2 and #1 are interrelated. If you trust your machine-security, you can make life hard for the Bad Guys even while leaving your startup password in the clear in your init scripts. If you don't trust your system too much, but you only care about deterring the "casual cracker," then you can do the same. If you want to make life REALLY hard for the Bad Guys, you can't leave the key available anywhere near your machine - even the specialized hardware approach can be defeated by a dedicated assault that has access to the machine. (At which point, you need to see #3 above).
  In general, putting the key into your .class files is always the wrong answer. You can't change the password without recompiling, and everyone who uses the app is forced to have the same password, which is A Bad Thing. In addition, it's no more secure than having the pasword in a config-file that's protected to the same degree as the classfile itself. If the JVM can read the classfile, it can find and read a config file - and if a Bad Guy could find the plaintext config, he can find the classfile and extract the password nearly as easily.
  In the vast majority of cases, keys in config files protected by the OS of the server machine will keep your system's secrets safe while allowing for "hands off" restarts. In the small number of instances where that's not sufficient, be prepared to pay a heavy price in hardware and convenience.
  Grant

• How do I set the default keystore password?

  The following code is currently failing with the exception below.
  private X509Certificate getX509Certificate(String alias)
                 throws CertificateException {
            // NOTE The default keystore password is "**********", as specified in the Sun KeyStore documentation
            // NOTE For more information, read the Sun documentation at http://java.sun.com
            X509Certificate cert  = null;
            String keystore      = "keystore";
            try {
                 cert = getX509Certificate(alias, keystore, "**********");
            catch(KeyStoreException exception) {
                 // A keystore exception occurred in the call to getX509Certificate, which could be indicative of a
                 // bad installation
                 throw new CertificateException("A keystore exception occurred accessing the default keystore."
                          + " Check your keystore installation, ensuring that the default keystore password"
                          + " is the standard Java keystore password\r\n"
                          + exception.getMessage());
            }+[04/12/07 15:02:57:827 GMT] 0000001f SystemErr R java.security.cert.CertificateException: A keystore exception occurred accessing the default keystore. Check your keystore installation, ensuring that the default keystore password is the standard Java keystore password+
  A keystore exception occurred accessing the default keystore. Check your keystore installation, ensuring that the default keystore password is the standard Java keystore password
  The provider 'SUN' has not been configured
  no such provider: SUN
  So it looks like my default keystore password is not the same as that in the code above (I've replaced it with ******). How do I set the default keystore to be the same as in the code above? Please note the exact same code works for another application - and so I would like to use the same class file rather than having to change the code above.

  You define the password for a keystore when you create it.
  There is no default.
  There is a default on the 'cacerts' truststore provided for JSSE: see
  http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html

• JAXB (XJC) problem with Java 1.4.2_02

  Hi,
  I am trying to migrate our system to Java version 1.4.2_02 (currently using 1.4.1_02). We use XJC from JAXB to compile XML schema files into java classes. JAXB is packaged in JWSDP (we are using version 1.3). I am currently experiencing a problem whereby if I use java version 1.4.2_02 and run XJC on the xml schema file its not generating any of the inner classes. All classes including inner are generated properly if I am pointing 1.4.1_02.
  Just wondering if you came across this problem before and would know of a possible solution.
  thanks for your help
  Manish

  I was having this problem as well. I extracted the MSI from the InstallShield and found that it's looking for a property called "SystemFilesLocked" to equal 1. If you pass it as a parameter and give it a value of 0, this error message doesn't appear. I've installed now to 15 W2K desktops without any issues.
  The 'silent installation' documentation for this product is sorely lacking. The install string I'm using is below:
  j2re-1_4_2_03-windows-i586-p.exe /S /v/qn"ADDLOCAL=jrecore SYSTEMFILESLOCKED=0 CONTROLPANELLOCKED=1 SKDSILENT=1 IEXPLORER=0 SYSTRAY=0 REBOOT=Suppress JAVAUPDATE=0 JAVAJAVAWLOCKED=0 WEBSTARTICON=0 /L C:\TEMP\LogFiles\JRE_JWS_142_03.log"
  Hope this helps...

• Java 1.4.2_02 javax package

  Hello,
  I downloaded and installed:
  java version "1.4.2_02"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
  Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)
  But when I try to import javax the compiler cannot find it. It can find normal java packages but not javax. Any ideas?

  javax packages are language extensions.
  Which ones are you looking for?
  For example, if you need javax.servlet, it's not part of the JDK download. You'll need to download and install Tomcat or another servlet/JSP engine that has the servlet.jar.
  Java3D comes in a javax package. That's separate download, too.
  MOD

• Java code to reset UNIX password

  Hi I need to reset a password of remote UNIX machine through java.
  Please give me clues/commands by which i can implement this .
  If you have any info about command interfaces that unix gives on some ports for resetting by connecting through a socket you are most welcome.
  My OS is HP-UX but other OS tricks are also expected.
  NB. I have admin password in my hand , I need to reset another users password

  thomas.behr,
  You might be right person to answer me ,
  Tell the command or methods for that . No I'm not the right person to answer you. I do have no knowledge on System Administration at all.
  My question was meant for you to elaborate on why you think you need or why you want to use Java to reset user passwords. It just did not cross my mind that you might be trying to write a system administration tool in Java, since such tools are highly OS specific AFAIK.

• Full Java Edition SP16 - EP Login Password admin not working

  I have installed the sp16 successfully without any problems.
  But when I try to login to the portal with admin username and admin password, it is not logging in. It is complaining that it is a wrong password.
  Please help. Thanks

  Hi All
  I am also installing Full Java version in prep for Portal install and I am trying to apply support pack 16 after the initial install. After starting sapinst and selecting Install Sp16 , then supply profile path, The next screen asks for JDK drectory. The curent one defaults but failes : The system come back and says you have entered an invalid value in the field.  F1 say to check spam and the version needed for this install. I have D:\j2sdk1.4.2_11 set.
  running win 2003
          MSSQL
          java only install.
         j2sdk1.4.2_11
  Any ideas would be appreciated.
  Thanks

• I get a java script error saying my password is incorrect?

  when I start Firefox 5 a pop says" java script error password my be invalid try typing in your email address" no idea what it is talking about

  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
  * Don't make any changes on the Safe mode start window.
  * https://support.mozilla.com/kb/Safe+Mode
  * https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes

• Java.io.IOException: Invalid keystore format

  Getting this invalid keystore format when trying to enter a secure website that run java. Tried to re-install several times and several versions of JRE... NtWebTellerApplet.
  This is running on a Vista Ultimate x64 with Q6600 and 8 gigs of RAM. Even tried to get the support on that site to remote help.. No luck in that either.
  ava.io.IOException: Invalid keystore format
       at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
       at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
       at java.security.KeyStore.load(Unknown Source)
       at com.sun.deploy.security.DeploySigningCertStore$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeploySigningCertStore.loadCertStore(Unknown Source)
       at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
       at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
       at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
       at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
       at java.security.SecureClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.defineClass(Unknown Source)
       at java.net.URLClassLoader.access$000(Unknown Source)
       at java.net.URLClassLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(Unknown Source)
       at sun.applet.AppletClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.applet.AppletClassLoader.loadCode(Unknown Source)
       at sun.applet.AppletPanel.createApplet(Unknown Source)
       at sun.plugin.AppletViewer.createApplet(Unknown Source)
       at sun.applet.AppletPanel.runLoader(Unknown Source)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)

  I think that I am on to something. I deleted all the files in this directory:
  C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\security
  This seems to resolve the problem with the invalid keystore (is a new one created?). Do not know yet if it has some unwanted side effects, but jeg jvm seems to start normally.

• 1.4.0_01 java plugin proxy config with password / plugin options???

  I have the 1.4.0_01 java plugin installed and I'm running with Mozilla 1.1. I'm behind a firewall -- the plugin is configured to use browser settings.
  So it accurately fetches the proxy server & port config. but then every time I hit
  a page with multiple Java classes, a popup window appears asking for my username/pw.
  I enter it 10 times to dl each class and then the java app runs.
  Is there a way to expedite the username/password entry by storing it in a command
  line option for java? Perhaps there is an environment variable I can set?
  I saw similar options -D javaplugin.trace.filename but I have no idea what
  the option would be for this...
  Thanks!
  --eric

  This can only be done by the applet, I posted a bug to sun concerning this issue, as it is a regression with plugin 1.4 but they set it to wontfix.
  http://developer.java.sun.com/developer/bugParade/bugs/4677535.html
  In 1.3.1 the PluginAuthenticator was used to store all password information and reuse the information as long as the vm kept running. But as of 1.4 this behavior is changed, and the password information are only kept for the single applet and the possibility for the applet to retrieve this information is gone (and be able to store it elsewhere).

• Java networking from windows to password protected unix server

  How to execute unix shell scripts on a unix box which is password protected, from a java application running on windows? help for the solution

  You need to know the password. Or set up ssh to use client certificates (read the manual page & google).

• JAVA SCRIPT application: Invalid username/password combination. If you continue to get this error, try entering your email address as your username.

  Every time I start up Firefox, I get the following:
  JavaScript Application
  "mfernandez1957" Invalid username/password combination. If you continue to get this error, try entering your email address as your username.
  What do I do?
  Another issue is hang ups, I mean every few seconds it hangs up and I get (Not Responding), which is frustrating when you're entering data or whatever and in the middle it freezes so then you have to go back and retype stuff that never got entered. It even hangs right out the gate, I get (Not Responding), I mean, before Firefox is even fully loaded, it hangs, it even hangs (though considerably less frequently) with all my plug ins currently disabled. So that's another issue.
  If y'all can help, I would be grateful.

  hello, please try to [[Reset Firefox – easily fix most problems|reset firefox]] and see if this can address the issue...

• Java and shell scripts - get password

  HI all,
  Im writing an installation prg using java appl on linux by running shell scripts. For this, I want to get root passwd in a text field from the user and use it in shell script (for cmd su) to get root login and to install my pkg.
  Can u help me to do this ???
  thanks in advance,
  rameshvl

  My only requirement is to install java (I have
  I have jdk rpm with me !!)
  with a user account. Hi ramesh,
  The discussion is now going a bit out of topic (this is a java forum).
  Unix Systems are multiuser systems. The users are organized to use the system concurrently. Therefore each user is able to write only in his area and in /tmp. If a user wants to install anything on this system he is able to do it in his area and not as root. root (the system administrator) is responsible for installing everything that is used by everybody. This means why do you have to start an application as user and then do something as root? Why don't you start the application as root and then be root to do everything you want?
  If you want the user to install java, why does he has to do this for everybody else on the system? Why not only install it in his home area? why the rpm, why not tar.gz?
  I hope this is a common reqmt of everybody, butNo this is not.
  I hope this helps
  M.

• Is it possible to add a certificate to CACERTS without keystore password?

  please can you answer this question: (THE REAL QUESTION is ON THE LINK BELOW)
  (and dont write any answer here, write the answers to link below: )
  http://forums.sun.com/thread.jspa?messageID=11037719&#65533;
  Edited by: weblogic_admin on Aug 19, 2010 11:32 PM

  Crossposted and answered, locking.